package com.zhb.cms.oauth.custom;

import org.springframework.security.crypto.codec.Utf8;

/**
 * 自定义密码校验
 * 
 * @author itw_huomb
 */
public class CustomPasswordEncoderUtil
{
	/**
	 * Constant time comparison to prevent against timing attacks.
	 * @param expected
	 * @param actual
	 * @return
	 */
	public static boolean equals(String expected, String actual)
	{
		byte[] expectedBytes = bytesUtf8(expected);
		byte[] actualBytes = bytesUtf8(actual);
		int expectedLength = expectedBytes == null ? -1 : expectedBytes.length;
		int actualLength = actualBytes == null ? -1 : actualBytes.length;
		if (expectedLength != actualLength)
		{
			return false;
		}

		int result = 0;
		for (int i = 0; i < expectedLength; i++)
		{
			result |= expectedBytes[i] ^ actualBytes[i];
		}
		return result == 0;
	}

	private static byte[] bytesUtf8(String s)
	{
		if (s == null)
		{
			return null;
		}

		return Utf8.encode(s);
	}

}
